docker(三)docker仓库
凤高澹
Docker仓库
仓库(Repository)是集中存放镜像的地方。以下介绍一下 Docker Hub。当然不止 docker hub,只是远程的服务商不一样,操作都是一样的。
docker仓库是用来保存镜像的位置,docker提供一个注册服务器(register)来保存多个仓库,每个仓库又可以包含多个具备不同的tag的镜像
docker运行中使用的默认仓库是docker Hub 公共仓库,使用公共registry
docker hub:是docker公司维护的公共仓库,用户可以免费使用,也可以购买私有仓库。
#保存和分发镜像的最直接的方法就是使用DockerHub
1.在docker hub上注册一个帐号
2.登陆
[root@server1 docker]# docker login -u dangdangwestos
Password: #密码:dangdang
Login Succeeded
"""
[root@docker ~]# docker login -u dangdangwestos
Password:
# 这个警告的意思是 密码这样存储会有安全问题
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@docker ~]# cat .docker/config.json
#做过一个认证后就把认证信息放在文件中
{
"auths": {
"https://index.docker.io/v1/": {
"auth": "ZGFuZ2Rhbmd3ZXN0b3M6NjQ1MTkzMjM2"
}
},
"HttpHeaders": {
"User-Agent": "Docker-Client/18.09.6 (linux)"
}
"""
#退出
docker logout
3.修改镜像的名字 使之与Docker Hub帐号匹配
docker hub为了区分不同用户的镜像名 镜像的名字中要包含用户名 完整格式为
[username]/xxx:tag
"""
我们可以通过以下命令搜寻docker官方仓库中的镜像
可以清楚的看到 除了官方镜像外 其余镜像均要按照官方的要求更改镜像的标签
# 不同的人可以上传不同的镜像
"""
[root@server3 ~]# docker search busybox
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
busybox Busybox base image. 1658 [OK]
progrium/busybox 70 [OK]
radial/busyboxplus Full-chain, Internet enabled, busybox made f… 24 [OK]
arm32v7/busybox Busybox base image. 7
yauritux/busybox-curl Busybox with CURL 5
armhf/busybox Busybox base image. 5
arm64v8/busybox Busybox base image. 3
aarch64/busybox Busybox base image. 2
[root@docker ~]# docker search dangdangwestos #搜索自己的
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
dangdangwestos/rhel7-up 0
dangdangwestos/busybox 0
dangdangwestos/rhel7-addifconfig 0
dangdangwestos/httpd 0
上传
[root@server3 ~]# docker tag busybox:latest dangdangwestos/busybox:latest
[root@server3 ~]# docker push dangdangwestos/busybox
dangdangwestos/busybox dangdangwestos/busybox:latest
[root@server3 ~]# docker push dangdangwestos/busybox:latest
The push refers to repository [docker.io/dangdangwestos/busybox]
0d315111b484: Mounted from library/busybox
latest: digest: sha256:895ab622e92e18d6b461d671081757af7dbaa3b00e3e28e12505af7817f73649 size: 527
拉取
# 拉取 会先检索本地的镜像 如果存在则不会被拉取
[root@server3 ~]# docker pull dangdangwestos/busybox:latest
latest: Pulling from dangdangwestos/busybox
Digest: sha256:895ab622e92e18d6b461d671081757af7dbaa3b00e3e28e12505af7817f73649
Status: Image is up to date for dangdangwestos/busybox:latest
# 先删除之前的再拉取
[root@server3 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx v4 b218a266197d 2 days ago 144MB
nginx v3 49349f668909 2 days ago 253MB
nginx v2 d21df066fe46 2 days ago 272MB
nginx v1 6baf2165c143 2 days ago 295MB
ubuntu latest 3556258649b2 3 weeks ago 64.2MB
busybox latest db8ee88ad75f 4 weeks ago 1.22MB
game2048 latest 19299002fdbe 2 years ago 55.5MB
rhel7 latest 0a3eb3fde7fd 5 years ago 140MB
[root@server3 ~]# docker pull dangdangwestos/busybox:latest
latest: Pulling from dangdangwestos/busybox
Digest: sha256:895ab622e92e18d6b461d671081757af7dbaa3b00e3e28e12505af7817f73649
Status: Downloaded newer image for dangdangwestos/busybox:latest
[root@server3 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx v4 b218a266197d 2 days ago 144MB
nginx v3 49349f668909 2 days ago 253MB
nginx v2 d21df066fe46 2 days ago 272MB
nginx v1 6baf2165c143 2 days ago 295MB
ubuntu latest 3556258649b2 3 weeks ago 64.2MB
dangdangwestos/busybox latest db8ee88ad75f 4 weeks ago 1.22MB
busybox latest db8ee88ad75f 4 weeks ago 1.22MB
game2048 latest 19299002fdbe 2 years ago 55.5MB
rhel7 latest 0a3eb3fde7fd 5 years ago 140MB
# 可再次打标签 #觉得用户名太长太复杂的化
[root@server3 ~]# docker tag dangdangwestos/busybox:latest busybox:latest
# 删除docker hub上的镜像
registry
一次docker pull或 push背后发生的事情
index服务器主要提供镜像索引以及用户认证的功能,
当下载一个镜像的时候,首先回去index服务器上做认证,
然后查找镜像所在的registry的地址并回给docker客户端,
docker客户端再从registry下载镜像,在下载的过程中registry会去
index校验客户端token的合法性,不同镜像可以保存在不同的
registry服务上,其检索信息都放在index服务器上。
index:负责并维护有关账户,镜像的校验以及公共命名空间的信息(并不会存放真正的镜像层)
web UI
元数据存储
认证服务
符号化
registry:是镜像和图表的仓库,它不具有本地数据库以及不提供用户认证
registry client:docker充当registry客户端来维护推送和拉取,以及客户端的授权
"""
场景讲解:
Docker Client ---> index ----> registry
A:用户要获取并下载镜像
B:用户要推送镜像到registry中(index会创建镜像的命名空间)
C:用户要从index或registry中删除镜像
镜像加速
搭建私有仓库(搭建本地registry)
docker hub虽然方便 但还是有些限制,比如:
1.需要连接internet,下载和上传速度慢
2.上传到docker hub的镜像任何人都能访问
3.因安全原因很多组织不允许将镜像放到外网
解决方案就是搭建本地的registry
docker已经将registry开源了,同时在docker hub上也有官方的镜像registry
"""
```bash
[root@server3 ~]# docker search registry
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
registry The Docker Registry 2.0 implementation for s… 2655 [OK]
# 拉取镜像
[root@server3 ~]# docker pull registry #拉取最新版
Using default tag: latest
latest: Pulling from library/registry
c87736221ed0: Pull complete
1cc8e0bb44df: Pull complete
54d33bcb37f5: Pull complete
e8afc091c171: Pull complete
b4541f6d3db6: Pull complete
Digest: sha256:8004747f1e8cd820a148fb7499d71a76d45ff66bac6a29129bfdbfdc0154d146
Status: Downloaded newer image for registry:latest
# 查看
[root@server3 ~]# docker images
registry latest f32a97de94e1 5 months ago 25.8MB
[root@server3 ~]# docker history registry
IMAGE CREATED CREATED BY SIZE COMMENT
f32a97de94e1 5 months ago /bin/sh -c #(nop) CMD ["/etc/docker/registr… 0B
<missing> 5 months ago /bin/sh -c #(nop) ENTRYPOINT ["/entrypoint.… 0B
<missing> 5 months ago /bin/sh -c #(nop) COPY file:507caa54f88c1f38… 155B
<missing> 5 months ago /bin/sh -c #(nop) EXPOSE 5000 0B
<missing> 5 months ago /bin/sh -c #(nop) VOLUME [/var/lib/registry] 0B
<missing> 5 months ago /bin/sh -c #(nop) COPY file:4544cc1555469403… 295B
<missing> 5 months ago /bin/sh -c #(nop) COPY file:21256ff7df5369f7… 20.1MB
<missing> 5 months ago /bin/sh -c set -ex && apk add --no-cache… 1.27MB
<missing> 5 months ago /bin/sh -c #(nop) CMD ["/bin/sh"] 0B
<missing> 5 months ago /bin/sh -c #(nop) ADD file:38bc6b51693b13d84… 4.41MB
# 运行 映射到本机的5000端口
[root@server3 ~]# docker run -d --name registry -p 5000:5000 registry #端口映射到本机 便于外部访问
4579de1e48406e35648ade8a29f3dc38855d3ad84edca050c099d7b6a744c9c5
# 查看容器的信息 可以看到与本地文件系统发生的关联
[root@server3 ~]# docker inspect 4579de1e48406e35648ade8a29f3dc38855d3ad84edca050c099d7b6a744c9c5
"Mounts": [
{
"Type": "volume",
"Name": "37e8aed215b0812c9ca3f3b6018a52bec0029844a2cd7dd4a505a6772fbc7e52",
"Source": "/var/lib/docker/volumes/37e8aed215b0812c9ca3f3b6018a52bec0029844a2cd7dd4a505a6772fbc7e52/_data",
"Destination": "/var/lib/registry",
"Driver": "local",
"Mode": "",
"RW": true,
"Propagation": ""
}
],
[root@server3 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4579de1e4840 registry "/entrypoint.sh /etc…" 54 seconds ago Up 53 seconds 0.0.0.0:5000->5000/tcp registry
[root@server3 ~]# netstat -antlpe
tcp6 0 0 :::5000 :::*
# 默认上传到docker hub中去
# 修改标签 使其上传的时候明白要往哪里去
[root@server3 ~]# docker tag nginx:v1 localhost:5000/nginx:v1
# 查看上传成功
[root@server3 ~]# docker push localhost:5000/nginx
The push refers to repository [localhost:5000/nginx]
7d1f91d2183b: Pushed
44e042b8c4f1: Pushed
4ee9ed108b64: Pushed
faa0d2dbf883: Pushed
a5e52a0ea4d4: Pushed
38ab3572be9b: Pushed
e16686814e10: Pushed
18af9eb19b5f: Pushed
v1: digest: sha256:1f42e2af016eae42bf2db8dc0d4a522b4f44c88ef2e786bcd160886bc0fc1242 size: 2000
[root@server3 image]# cd /var/lib/docker/volumes/37e8aed215b0812c9ca3f3b6018a52bec0029844a2cd7dd4a505a6772fbc7e52/_data
[root@server3 _data]# ls
docker
[root@server3 _data]# cd docker/
[root@server3 _data]# tree .
[root@server3 docker]# ls
registry
[root@server3 docker]# cd registry/
[root@server3 registry]# ls
v2
[root@server3 registry]#
加密
# 以上操作有安全问题(没有认证)和使用的问题(localhost 如果不是本机就使用不了localhost)
作为企业级的私有仓库是远远不够的
为docker仓库添加证书加密功能
官方文档
https://docs.docker.com/registry/insecure/
[root@server3 ~]# mkdir -p certs
# 使用一个自签名证书
[root@server3 ~]# openssl req \
> -newkey rsa:4096 -nodes -sha256 -keyout certs/westos.org.key \
> -x509 -days 365 -out certs/westos.org.crt
Generating a 4096 bit RSA private key
writing new private key to 'certs/westos.org.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Shaanxi
Locality Name (eg, city) [Default City]:Xi'an
Organization Name (eg, company) [Default Company Ltd]:Westos
Organizational Unit Name (eg, section) []:Linux
Common Name (eg, your name or your server's hostname) []:westos.org
Email Address []:root@westos.org
[root@server3 ~]# ls certs/
westos.org.crt (证书) westos.org.key(私钥)
# 删除之前运行的registry容器
[root@server3 ~]# docker rm -f registry
registry
[root@server3 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
# 怎么样进行部署
https://docs.docker.com/registry/deploying/#get-a-certificate
# 注意此处:REGISTRY_HTTP_TLS_KEY=/certs/westos.org.key -p 443:443 registry 不是:/root/...
[root@server3 ~]# docker run -d --restart=always --name registry -v "$(pwd)"/certs:/certs
-e REGISTRY_HTTP_ADDR=0.0.0.0:443
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/westos.org.crt -e REGISTRY_HTTP_TLS_KEY=/certs/westos.org.key
-p 443:443 registry
3ebba5226703e6a15df3301ebc12207a213f939fb92af861c7f64c6ca2fd107b
"""
docker run -d :启动容器并打入后台
--restart=always --name registry #容器自启动(docker引擎启动的同时会启动容器)
-v "$(pwd)"/certs:/certs #本地的certs目录挂接到容器的certs目录
-e REGISTRY_HTTP_ADDR=0.0.0.0:443 #-e 编辑 监听本机443的加密端口
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/westos.org.crt #证书
-e REGISTRY_HTTP_TLS_KEY=/certs/westos.org.key #私钥
-p 443:443 registry
"""
# 开启了443端口
[root@server3 ~]# netstat -antlp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 649/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 852/master
tcp 0 0 172.25.0.3:22 172.25.0.250:54274 ESTABLISHED 2062/sshd: root@pts
tcp 0 0 172.25.0.3:22 172.25.0.250:56174 ESTABLISHED 5189/sshd: root@pts
tcp6 0 0 :::22 :::* LISTEN 649/sshd
tcp6 0 0 ::1:25 :::* LISTEN 852/master
tcp6 0 0 :::443 :::* LISTEN 7421/docker-proxy
# 注意:此时 docker的server端已经跑起来了 那么们的本地要去做Tls连接的话也是需要加密证书的
# 因为我们所使用的域名是westos.org 所以主机名要有解析
[root@server3 ~]# ping westos.org
PING server3 (172.25.0.3) 56(84) bytes of data.
64 bytes from server3 (172.25.0.3): icmp_seq=1 ttl=64 time=0.037 ms
64 bytes from server3 (172.25.0.3): icmp_seq=2 ttl=64 time=0.027 ms
[root@server3 ~]# cd /etc/docker/
[root@server3 docker]# ls
daemon.json key.json
[root@server3 docker]# mkdir certs.d
[root@server3 docker]# cd certs.d/
[root@server3 certs.d]# mkdir westos.org
[root@server3 certs.d]# cd westos.org/
[root@server3 westos.org]# ls
[root@server3 westos.org]# cp /root/certs/westos.org.crt ca.crt
[root@server3 westos.org]# ls
ca.crt
[root@server3 westos.org]# docker tag nginx:v3 westos.org/nginx:v3
[root@server3 westos.org]# docker push westos.org/nginx
The push refers to repository [westos.org/nginx]
7eb94711c590: Pushed
cdb9e6fdd1dd: Pushed
ac047a8a6c70: Pushed
e16686814e10: Pushed
18af9eb19b5f: Pushed
v3: digest: sha256:ad7f1eadc6268d111c7c1763dd76943e4c1f831f59bde82796bc351b894526b5 size: 1366
# 添加客户端的push认证
# 在之前的443更改 不用官网的5000
[root@server3 ~]# mkdir auth
[root@server3 ~]# docker run --rm entrypoint htpasswd registry -Bbn admin westos >auth/htpasswd
"""
admin 用户名
westos 密码
多个用户名可追加
docker run --rm entrypoint htpasswd registry -Bbn redhat redhat >>auth/htpasswd
"""
# 之前的registry要删除
[root@docker ~]# docker rm -f registry
registry
#在加密的基础上做认证 #一定是先加密再认证 要不是不安全的
[root@server3 ~]# docker run -d --restart=always --name registry
-v "$(pwd)"/certs:/certs
-e REGISTRY_HTTP_ADDR=0.0.0.0:443
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/westos.org.crt -e REGISTRY_HTTP_TLS_KEY=/certs/westos.org.key
-p 443:443 -v "$(pwd)"/auth:/auth
-e "REGISTRY_AUTH=htpasswd"
-e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm"
-e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd registry
2fb465d2f79e4a547a72e8014fe80c25cfc0321948ac83da45532f166c29fe80
[root@server3 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2fb465d2f79e registry "/entrypoint.sh /etc…" 5 seconds ago Up 5 seconds 0.0.0.0:443->443/tcp, 5000/tcp registry
[root@server3 ~]# docker login westos.org
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@server3 ~]# docker logout westos.org #退出登陆
Removing login credentials for westos.org
# push提示报错
[root@server3 ~]# docker push westos.org/nginx
westos.org/nginx westos.org/nginx:v3
The push refers to repository [westos.org/rhel7]
18af9eb19b5f: Preparing
no basic auth credentials
westos.org/nginx westos.org/nginx:v3
[root@server3 ~]# docker login westos.org
[root@server3 ~]# docker push westos.org/nginx:v3
The push refers to repository [westos.org/nginx]
7eb94711c590: Preparing
cdb9e6fdd1dd: Preparing
ac047a8a6c70: Preparing
e16686814e10: Preparing
18af9eb19b5f: Preparing
no basic auth credentials #提示我们没有认证
[root@server3 ~]# docker login westos.org
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@server3 ~]# docker push westos.org/nginx:v3
The push refers to repository [westos.org/nginx]
7eb94711c590: Pushed
cdb9e6fdd1dd: Pushed
ac047a8a6c70: Pushed
e16686814e10: Pushed
18af9eb19b5f: Pushed
v3: digest: sha256:ad7f1eadc6268d111c7c1763dd76943e4c1f831f59bde82796bc351b894526b5 size: 1366
远程主机怎么连接
再打开一台虚拟机,安装docker并启动
主机名要有解析
[root@server2 docker包]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.25.0.1 server1
172.25.0.2 server2
172.25.0.3 server3 westos.org
172.25.0.4 server4
172.25.0.5 server5
172.25.0.6 server6
172.25.0.7 server7
172.25.0.8 server8
[root@server2 docker包]# ping westos.org
PING server3 (172.25.0.3) 56(84) bytes of data.
64 bytes from server3 (172.25.0.3): icmp_seq=1 ttl=64 time=0.397 ms
要有认证文件,这个文件可以从server3这台主机获得
# 现有证书才能完成认证
[root@server3 ~]# cd /etc/docker/
[root@server3 docker]# ls
certs.d daemon.json key.json
[root@server3 docker]# scp -r certs.d/ server2:/etc/docker/
The authenticity of host 'server2 (172.25.0.2)' can't be established.
ECDSA key fingerprint is 67:9d:41:df:c9:b5:0e:f3:e1:30:72:c7:c9:07:69:e0.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'server2,172.25.0.2' (ECDSA) to the list of known hosts.
root@server2's password:
ca.crt 100% 2098 2.1KB/s 00:00
[root@server2 docker包]# cd /etc/docker/
[root@server2 docker]# ls
certs.d key.json
先认证再拉取
[root@server2 certs.d]# docker login westos.org
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@server2 certs.d]# docker pull westos.org/nginx
Using default tag: latest
Error response from daemon: manifest for westos.org/nginx:latest not found
[root@server2 certs.d]# docker pull westos.org/nginx:v3
v3: Pulling from nginx
48f5bbc9baf5: Pull complete
15f1fc4f91e0: Pull complete
98331229c5fd: Pull complete
4c7f36e2f886: Pull complete
df58a187e237: Pull complete
Digest: sha256:ad7f1eadc6268d111c7c1763dd76943e4c1f831f59bde82796bc351b894526b5
Status: Downloaded newer image for westos.org/nginx:v3
测试运行成功
[root@server2 certs.d]# docker run -d --name nginx -p 80:80 westos.org/nginx:v3
299df76d6167d789883a1b7bdb9e338659f49be2e146bd4098e409a7f35d6a02
[root@server2 certs.d]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
299df76d6167 westos.org/nginx:v3 "/usr/local/nginx/sb…" 9 seconds ago Up 8 seconds 0.0.0.0:80->80/tcp nginx
[root@server2 certs.d]# curl localhost
我们需要一个web页面
# 拉取一个镜像
# 可以先search一下
[root@server3 docker]# docker pull hyper/docker-registry-web
Using default tag: latest
latest: Pulling from hyper/docker-registry-web
04c996abc244: Pull complete
d394d3da86fe: Pull complete
bac77aae22d4: Pull complete
b48b86b78e97: Pull complete
09b3dd842bf5: Pull complete
69f4c5394729: Pull complete
b012980650e9: Pull complete
7c7921c6fda1: Pull complete
e20331c175ea: Pull complete
40d5e82892a5: Pull complete
a414fa9c865a: Pull complete
0304ae3409f3: Pull complete
13effc1a664f: Pull complete
e5628d0e6f8c: Pull complete
0b0e130a3a52: Pull complete
d0c73ab65cd2: Pull complete
240c0b145309: Pull complete
f1fd6f874e5e: Pull complete
40b5e021928e: Pull complete
88a8c7267fbc: Pull complete
f9371a03010e: Pull complete
Digest: sha256:723ffa29aed2c51417d8bd32ac93a1cd0e7ef857a0099c1e1d7593c09f7910ae
Status: Downloaded newer image for hyper/docker-registry-web:latest
#去git hub搜索 按照文档做操作
https://github.com/mkuchin/docker-registry-web
[root@server3 ~]# cat .docker/config.json #查看之前的认证信息
{
"auths": {
"": {
"auth": "ZGFuZ2Rhbmd3ZXN0b3M6ZGFuZ2Rhbmc="
},
"https://index.docker.io/v1/": {
"auth": "ZGFuZ2Rhbmd3ZXN0b3M6ZGFuZ2Rhbmc="
},
"westos.org": {
"auth": "YWRtaW46d2VzdG9z" #-e REGISTRY_BASIC_AUTH="YWRtaW46d2VzdG9z"
}
},
"HttpHeaders": {
"User-Agent": "Docker-Client/18.09.6 (linux)"
}
[root@server3 ~]# docker run -it -p 8080:8080
--name registry-web --link registry:westos.org
-e REGISTRY_URL=https://westos.org/v2
-e REGISTRY_TRUST_ANY_SSL=true
-e REGISTRY_BASIC_AUTH="YWRtaW46d2VzdG9z"
-e REGISTRY_NAME=westos.org:443 hyper/docker-registry-web
#v2:是一个版本
在浏览器测试:http://172.25.0.3:8080/
docker-compose
Compose 是用于定义和运行多容器 Docker 应用程序的工具。通过 Compose,您可以使用 YML 文件来配置应用程序需要的所有服务。然后,使用一个命令,就可以从 YML 文件配置中创建并启动所有服务。
Compose 使用的三个步骤:
使用 Dockerfile 定义应用程序的环境。
使用 docker-compose.yml 定义构成应用程序的服务,这样它们可以在隔离环境中一起运行。
最后,执行 docker-compose up 命令来启动并运行整个应用程序。
Docker-Compose项目是Docker官方的开源项目,负责实现对Docker容器集群的快速编排。
Docker-Compose将所管理的容器分为三层,分别是工程(project),服务(service)以及容器(container)。Docker-Compose运行目录下的所有文件(docker-compose.yml,extends文件或环境变量文件等)组成一个工程,若无特殊指定工程名即为当前目录名。一个工程当中可包含多个服务,每个服务中定义了容器运行的镜像,参数,依赖。一个服务当中可包括多个容器实例,Docker-Compose并没有解决负载均衡的问题,因此需要借助其它工具实现服务发现及负载均衡。
Docker-Compose的工程配置文件默认为docker-compose.yml,可通过环境变量COMPOSE_FILE或-f参数自定义配置文件,其定义了多个有依赖关系的服务及每个服务运行的容器。
使用一个Dockerfile模板文件,可以让用户很方便的定义一个单独的应用容器。在工作中,经常会碰到需要多个容器相互配合来完成某项任务的情况。例如要实现一个Web项目,除了Web服务容器本身,往往还需要再加上后端的数据库服务容器,甚至还包括负载均衡容器等。
Compose允许用户通过一个单独的docker-compose.yml模板文件(YAML 格式)来定义一组相关联的应用容器为一个项目(project)。
Docker-Compose项目由Python编写,调用Docker服务提供的API来对容器进行管理。因此,只要所操作的平台支持Docker API,就可以在其上利用Compose来进行编排管理。
docker-compose.yml 的配置案例如下(配置参数参考下文):
# yaml 配置实例
version: '3'
services:
web:
build: .
ports:
- "5000:5000"
volumes:
- .:/code
- logvolume01:/var/log
links:
- redis
redis:
image: redis
volumes:
logvolume01: {}
https://docs.docker.com/compose/install/
docker-compose的部署
下载,授予执行权限
[root@docker ~]# curl -L "https://github.com/docker
/compose/releases/download/1.24.1/docker-compose-$(uname -s)-$(uname -m)"
-o /usr/local/bin/docker-compose
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 617 0 617 0 0 109 0 --:--:-- 0:00:05 --:--:-- 172
100 15.4M 100 15.4M 0 0 100k 0 0:02:37 0:02:37 --:--:-- 117k
chmod +x /usr/local/bin/docker-compose
ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
docker-compose --version
Harbor的搭建
tar zxf harbor-online-installer-v1.8.2.tgz
cd harbor/
# 修改配置文件
vim harbor.yml
hostname: westos.org
13 https:
14 # # https port for harbor, default is 443
15 port: 443
16 # # The path of cert and key files for nginx
17 certificate: /root/certs/westos.org.crt
18 private_key: /root/certs/westos.org.key
27 harbor_admin_password: westos
28
29 # Harbor DB configuration
30 database:
31 # The password for the root user of Harbor DB. Change this be fore any production use.
32 password: westos
# 更新配置文件
./prepare
# 安装并启动
./install.sh
查看容器状态
docker ps -a
docker-compose ps
在真机做好解析,浏览器中访问https://westos.org/
docker login westos.org
docker tag rhel7:latest westos.org/library/rhel7
# 这里一定要注意的是:tag的修改 必须加项目名称 而这个项目名称可以自己在网页中创建
docker push westos.org/library/rhel7
类似资料: